Diffstat (limited to 'README.mdwn')
-rw-r--r-- | README.mdwn | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/README.mdwn b/README.mdwn index 7285511d..d4ae09b6 100644 --- a/README.mdwn +++ b/README.mdwn @@ -809,9 +809,10 @@ Generation of certificates > Note: This should be automated in the next upgrade. The instructions > sound like a lot of effort -To generate the SSL certs, first you need to clone the following repository: +To generate the SSL certs, first you need to clone the following repositories: git clone https://github.com/lukas2511/letsencrypt.sh.git + git clone https://github.com/mythic-beasts/letsencrypt-mythic-dns01.git The version used the first time was `0.4.0` with sha `116386486b3749e4c5e1b4da35904f30f8b2749b`, (just in case future releases break these instructions) @@ -827,6 +828,14 @@ of the subdomains: git.baserock.org EOF +And the `config` file needed: + + cat >config <<'EOF' + CONTACT_EMAIL="admin@baserock.org" + HOOK="../letsencrypt-mythic-dns01/letsencrypt-mythic-dns01.sh" + CHALLENGETYPE="dns-01" + EOF + Create a `dnsapi.config.txt` with the contents of `private/dnsapi.config.txt` decrypted. To show the contents of this file, run the following in a `infrastructure.git` repo checkout. @@ -838,6 +847,8 @@ Now, to generate the certs, run: ./dehydrated -c +> If this is the first time, you will get asked to run +> `./dehydrated --register --accept-terms` In the `certs` folder you will have all the certificates generated. To construct the certificates that are present in `certs` and `private` you will have to: 
@@ -846,7 +857,7 @@ certificates that are present in `certs` and `private` you will have to: mkdir -p tmp/private tmp/certs # Create some full certs including key for some services that need it this way - cat git.baserock.org/cert.csr git.baserock.org/cert.pem chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem + cat git.baserock.org/cert.csr git.baserock.org/cert.pem git.baserock.org/chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem cat irclogs.baserock.org/cert.csr irclogs.baserock.org/cert.pem irclogs.baserock.org/chain.pem irclogs.baserock.org/privkey.pem > tmp/private/frontend-with-key.pem # Copy key files @@ -876,6 +887,11 @@ keys (located in `private` folder): ansible-vault encrypt tmp/private/* +And copy them to the repo: + + cp tmp/certs/* ../../certs/ + cp tmp/private/* ../../private/ + Deploy certificates ------------------- |
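Review bot: in the hunk at `@@ -809,9 +809,10 @@`, the added `git clone https://github.com/mythic-beasts/letsencrypt-mythic-dns01.git` is not pinned, and the sentence that follows still records version `0.4.0` and one sha without saying which of the two repositories it means. The new script is the one `config` later names as `HOOK`, and it runs next to the decrypted `dnsapi.config.txt`, so record the commit used for it too and name the repository each pinned version belongs to.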
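Review bot: in the hunk at `@@ -827,6 +828,14 @@`, `HOOK="../letsencrypt-mythic-dns01/letsencrypt-mythic-dns01.sh"` is a relative path, so it resolves only when the two repositories were cloned side by side and the command is run from inside the first clone; the added text does not say which directory the `cat >config` heredoc belongs in. State the working directory before the heredoc. Since the next paragraph has the reader write a decrypted `dnsapi.config.txt` into the same place, a step to delete that file once the certificates are issued would also fit here.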
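Review bot: in the hunk at `@@ -838,6 +847,8 @@`, the registration step is a prerequisite of `./dehydrated -c` but is documented after it, as a quoted aside. Put `./dehydrated --register --accept-terms` before the generate command as an ordinary indented command with a "first run only" remark. If the quote form stays, add a blank line after it, because the paragraph starting "In the `certs` folder" follows the quote directly and markdown will fold it into the blockquote.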
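Review bot: in the hunk at `@@ -846,7 +857,7 @@`, the corrected `cat ... git.baserock.org/privkey.pem > tmp/private/git-with-key.pem` line still writes an unencrypted private key into a directory created by `mkdir -p tmp/private tmp/certs` with the default umask. The path fix itself matches the `irclogs.baserock.org` line below it. Consider adding `umask 077` before the `mkdir`, so the bundles are not readable by other users on the machine before `ansible-vault encrypt` is run.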
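Review bot: in the hunk at `@@ -876,6 +887,11 @@`, `cp tmp/private/* ../../private/` copies whatever is in `tmp/private`, so if the preceding `ansible-vault encrypt tmp/private/*` was skipped or failed, plaintext keys land in the repository checkout. Add a check before the copy that every file in `tmp/private` starts with the `$ANSIBLE_VAULT` header, say which directory the `../../` paths are relative to, and finish with a step that removes `tmp/` afterwards.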